Official Repository

Last pushed: 4 days ago
Short Description
Apache Maven is a software project management and comprehension tool.
Full Description

Supported tags and respective Dockerfile links

Quick reference

What is Maven?

Apache Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.

How to use this image

Create a Dockerfile in your Maven project

FROM maven:3.2-jdk-7-onbuild
CMD ["do-something-with-built-packages"]

Put this file in the root of your project, next to the pom.xml.

This image includes multiple ONBUILD triggers which should be all you need to bootstrap. The build will COPY . /usr/src/app and RUN mvn install.

You can then build and run the image:

$ docker build -t my-maven .
$ docker run -it --name my-maven-script my-maven

Run a single Maven command

For many simple projects, you may find it inconvenient to write a complete Dockerfile. In such cases, you can run a Maven project by using the Maven Docker image directly, passing a Maven command to docker run:

$ docker run -it --rm --name my-maven-project -v "$PWD":/usr/src/mymaven -w /usr/src/mymaven maven:3.2-jdk-7 mvn clean install

Image Variants

The maven images come in many flavors, each designed for a specific use case.


This is the defacto image. If you are unsure about what your needs are, you probably want to use this one. It is designed to be used both as a throw away container (mount your source code and start the container to start your app), as well as the base to build other images off of.


The ONBUILD image variants are deprecated, and their usage is discouraged. For more details, see docker-library/official-images#2076.

While the onbuild variant is really useful for "getting off the ground running" (zero to Dockerized in a short period of time), it's not recommended for long-term usage within a project due to the lack of control over when the ONBUILD triggers fire (see also docker/docker#5714, docker/docker#8240, docker/docker#11917).

Once you've got a handle on how your project functions within Docker, you'll probably want to adjust your Dockerfile to inherit from a non-onbuild variant and copy the commands from the onbuild variant Dockerfile (moving the ONBUILD lines to the end and removing the ONBUILD keywords) into your own file so that you have tighter control over them and more transparency for yourself and others looking at your Dockerfile as to what it does. This also makes it easier to add additional requirements as time goes on (such as installing more packages before performing the previously-ONBUILD steps).


This image is based on the popular Alpine Linux project, available in the alpine official image. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general.

This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use musl libc instead of glibc and friends, so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See this Hacker News comment thread for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images.

To minimize image size, it's uncommon for additional related tools (such as git or bash) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the alpine image description for examples of how to install packages if you are unfamiliar).


View license information for the software contained in this image.

Docker Pull Command

Comments (14)
9 days ago

I'm having problems running the maven:3.5.0-jdk-8 container on Windows. In my Dockerfile I have
CMD mkdir -p /root/.m2
and it's falling over saying permission denied. When I run the container, I'm mapping the %userprofile%.m2 directory on the host Windows machine to /root/.m2 in the container. What kind of permissions do I need to grant on the host's .m2 directory so that the container can run? It's not an issue when I run on OSX, it just works.

3 months ago

I am trying to do a release with this image which requires gpg (which is available in the container). However, when I execute the build command I get an error and I think it's because it is looking to talk to something on my local box (Mac OSX). Anyone have some insight?

I am mounting my home directory to /root in the container so it can find my gpg key.

docker run -it --rm --name my-maven-project -v /Users/cbongiorno:/root -v $PWD:/usr/src/mymaven -w /usr/src/mymaven maven:3.3-jdk-8 mvn -B release:prepare release:perform -Dgpg.passphrase=...

gpg: pcsc_establish_context failed: no service (0x8010001d)
gpg: card reader not available
gpg: signing failed: general error
gpg: signing failed: general error

5 months ago

For anyone using maven behind a proxy, here is an extension of this image that lets you configure proxy with environment variables:

7 months ago

after pulling latest maven-3.3.9-jdk-9 image today I get this error on wagon using an https repository

Exception in thread "main" java.lang.ExceptionInInitializerError
at javax.crypto.JceSecurityManager.<clinit>(java.base@9-Debian/
at javax.crypto.Cipher.getConfiguredPermission(java.base@9-Debian/
at javax.crypto.Cipher.getMaxAllowedKeyLength(java.base@9-Debian/
at java.lang.Class.forName0(java.base@9-Debian/Native Method)
at java.lang.Class.forName(java.base@9-Debian/
at org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.createConnManager(
at org.apache.maven.wagon.providers.http.AbstractHttpClientWagon.<clinit>(
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(java.base@9-Debian/Native Method)
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(java.base@9-Debian/
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(java.base@9-Debian/
at java.lang.reflect.Constructor.newInstance(java.base@9-Debian/
at org.eclipse.sisu.bean.BeanScheduler$Activator.onProvision(
at org.eclipse.sisu.inject.Guice4$1.get(
at org.eclipse.sisu.inject.LazyBeanEntry.getValue(
at org.eclipse.sisu.plexus.LazyPlexusBean.getValue(
at org.codehaus.plexus.DefaultPlexusContainer.lookup(
at org.codehaus.plexus.DefaultPlexusContainer.lookup(
at org.eclipse.aether.internal.transport.wagon.PlexusWagonProvider.lookup(
at org.eclipse.aether.transport.wagon.WagonTransporter.lookupWagon(
at org.eclipse.aether.transport.wagon.WagonTransporter.<init>(
at org.eclipse.aether.transport.wagon.WagonTransporterFactory.newInstance(
at org.eclipse.aether.internal.impl.DefaultTransporterProvider.newTransporter(
at org.eclipse.aether.connector.basic.BasicRepositoryConnector.<init>(
at org.eclipse.aether.connector.basic.BasicRepositoryConnectorFactory.newInstance(
at org.eclipse.aether.internal.impl.DefaultRepositoryConnectorProvider.newRepositoryConnector(
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.performDownloads(
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts(
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifact(
at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(
at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.readArtifactDescriptor(
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.resolveCachedArtifactDescriptor(
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.getArtifactDescriptorResult(
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency(
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.processDependency(
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.process(
at org.eclipse.aether.internal.impl.DefaultDependencyCollector.collectDependencies(
at org.eclipse.aether.internal.impl.DefaultRepositorySystem.collectDependencies(
at org.apache.maven.project.DefaultProjectDependenciesResolver.resolve(
at org.apache.maven.lifecycle.internal.LifecycleDependencyResolver.getDependencies(
at org.apache.maven.lifecycle.internal.LifecycleDependencyResolver.resolveProjectDependencies(
at org.apache.maven.lifecycle.internal.MojoExecutor.ensureDependenciesAreResolved(
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(
at org.apache.maven.DefaultMaven.doExecute(
at org.apache.maven.DefaultMaven.doExecute(
at org.apache.maven.DefaultMaven.execute(
at org.apache.maven.cli.MavenCli.execute(
at org.apache.maven.cli.MavenCli.doMain(
at org.apache.maven.cli.MavenCli.main(
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(java.base@9-Debian/Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(java.base@9-Debian/
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(java.base@9-Debian/
at java.lang.reflect.Method.invoke(java.base@9-Debian/
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(
at org.codehaus.plexus.classworlds.launcher.Launcher.main(
Caused by: java.lang.SecurityException: Can not initialize cryptographic mechanism
at javax.crypto.JceSecurity.<clinit>(java.base@9-Debian/
... 103 more
Caused by: java.lang.NullPointerException
at sun.nio.fs.UnixPath.normalizeAndCheck(java.base@9-Debian/
at sun.nio.fs.UnixPath.<init>(java.base@9-Debian/
at sun.nio.fs.UnixFileSystem.getPath(java.base@9-Debian/
at java.nio.file.Paths.get(java.base@9-Debian/
at javax.crypto.JceSecurity.setupJurisdictionPolicies(java.base@9-Debian/
at javax.crypto.JceSecurity.access$000(java.base@9-Debian/
at javax.crypto.JceSecurity$
at javax.crypto.JceSecurity$
at Method)
at javax.crypto.JceSecurity.<clinit>(java.base@9-Debian/
... 103 more

7 months ago

Wow this container is lifesaver. The whole development team work on Linux and I work mostly in Windows. Very seldom I need to compile some project, and usually I am in a rush. The tests explodes for incorrect use of separators or open files. I can build with this container using Docker for Windows and not taking care of Windows compatibility of the application which is not needed.

10 months ago

I am using "FROM maven:3.2-jdk-7-onbuild" in Dockerfile.
it is installing openJdk.. How to install maven with oracle jdk..

10 months ago

Maybe it interest for someone...
I added -u option for compiled files in target directory would be with owner "nikita" (not "root" as by default):

docker run -it --rm --name my-maven-project -u $(id -u):$(id -g) -v "$PWD":/usr/src/mymaven -w /usr/src/mymaven maven:3.2-jdk-7 mvn clean package


a year ago

An image based on a jdk-alpine image would be great.

a year ago

putting $HOME/.m2 inside VOLUME is maybe not smart?
If I want to use install:install-file w 3rd-party jar during build .. its gone baby!

a year ago

e.g. openjdk-8u91-jdk